Encryption scuppered US police just nine times in 2013

The spread of usable encryption
tools hasn't exactly made law enforcement wiretaps obsolete. But in
a handful of cases over the past year in the US -- and more than
ever before -- it did shut down cops' attempts to eavesdrop on
criminal suspects, the latest sign of a slow but steady increase in
encryption's adoption by police targets over the last decade.

In nine cases in 2013, US state police were unable to break the
encryption used by criminal suspects they were investigating,
according to an annual report on law enforcement eavesdropping released by the US
court system on Wednesday, 2 July. That's more than twice
as many cases as in 2012, when police said that they'd been stymied
by crypto in four cases -- and that was the first year they'd ever
reported encryption preventing them from successfully surveilling a
criminal suspect. Before then, the number stood at zero.

The cases in which the police encountered encryption at all,
it's worth noting, still represent just a tiny fraction of law
enforcement's growing overall number of surveillance targets. Feds
and state police eavesdropped on US suspects' phone calls, text
messages, and other communications at least 3,500 times in 2013, a
statistic that will likely be revised upwards over the next year as
law enforcement's data becomes more complete. Of those thousands of
cases, only 41 involved encryption at all. And in 32 cases cops
were able to somehow circumvent or break suspects' privacy
protections to eavesdrop on their targets unimpeded. The report
doesn't include details of the specific cases.

Those numbers still contradict the warnings from government
agencies like the FBI for more than a decade that the free
availability of encryption tools will eventually lead to a "going
dark" problem, a dystopian future where criminals and terrorists
use privacy tools to make their communications invisible to law
enforcement. Last year, for instance, the Drug Enforcement Agency
leaked an internal report complaining that Apple's iMessage encryption was
blocking their investigations of drug dealers. "So the
cryptapocalypse they warned us about in the 90s has come to pass,"
University of Pennsylvania computer science professor Matt
Blaze noted
drily on Twitter. "Strong crypto used in a whopping 0.25
percent of wiretaps last year."

Even so, a look back at the last ten years' statistics from
police reports shows that encryption use is on the rise, even if
the number of cases remains small and most encryption use is still
futile. As recently as 2006 and 2007, police reported that they
hadn't encountered any uses of encryption at all, and only dealt
with one case of a suspect using encryption in 2009. (In Thursday's
report, police also counted another 52 cases of encryption use by
their targets prior to 2013, but didn't specify in which years
those incidents had occurred.)

That steady trickle of encryption tools into the public's hands
is a sign that Americans' awareness of surveillance is rising.
Edward Snowden's leaks about NSA surveillance began dropping in
July of last year, and carried with them a wave of interest in new
privacy technologies. "Post-Snowden, both people and companies have
become more sophisticated in safeguarding their communications,"
says Hanni Fakhoury, a surveillance-focussed attorney with the
Electronic Frontier Foundation. "When you look at this report next
year, there will no doubt be even more use of encryption."

Crypto aside, the report noted a significant drop in the cost of
police surveillance. Police reported an average of $41,119
(£23,985) per case in which they intercepted a suspect's
communications in 2013. That's down 18 percent from the year
before, and represents the cheapest snooping ever, perhaps thanks
to advances in surveillance technology. In 2003, for instance, a
wiretap cost an average of $62,164 (£36,259) almost 50 percent
more than today.

That steady drop in the price of spying may be one reason why
the number of total wiretap cases has steadily grown over the past
decade. Although the total wiretap count for 2013 is still
incomplete, it added up to 4,927 cases in 2012, more than twice the
2,136 cases in 2003.

In other words, privacy activists have little reason to
celebrate, and police complaints about encryption foiling their
investigations ring hollow. "You'll see the government prop
encryption up as a bogeyman, but this is actually a very small
problem for them," he says. "It's stretching it to say, 'in nine
cases this was an obstacle so we need to rewrite the criminal
code.' That's overkill."